Secret Server includes many pre-configured Password Changers that are utilized by the Remote password Change process, including PowerShell script.
Searching Secret Server in PowerShell
Secret Server webservices can be called using scripts. To authenticate and search for a secret in PowerShell, use the procedure below.
- Save the script below to a file, such as searchsecret.ps1.
- Change the script as needed to match your Secret Server and username/password/domain.
- Change theÂ
$searchterm to match your search. - Open a command window (cmd.exe).
- Navigate to the same directory asÂ
searchsecret.ps1. - Run the script by usingÂ
.\searchsecret.ps1Â ORÂpowershell .\searchsecret.ps1.
$url = 'http://mysecretserver/webservices/sswebservice.asmx';
$username = 'myusername'
$password = 'mypassword'
$domain = 'mydomain'Â Â # leave blank for local users
$searchterm = 'VPN'
$proxy = New-WebServiceProxy -uri $url -UseDefaultCredential
# get a token for further use by authenticating using username/password
$result1 = $proxy.Authenticate($username, $password, '', $domain)
if ($result1.Errors.length -gt 0){
$result1.Errors[0]
exit
}Â
elseÂ
{
$token = $result1.Token
}
# search secrets with our searchterm (authenticate by passing in our token)
Write-Host 'Searching for: ' $searchterm
$result2 = $proxy.SearchSecrets($token, $searchterm,$null,$null)
if ($result2.Errors.length -gt 0){
$result2.Errors[0]
}
else
{
Write-Host 'Got search results: ' $result2.SecretSummaries.length
# If you want the data as XML
# $xml = convertto-xml $result2.SecretSummaries -As string -Depth 20
# $xml
$result2.SecretSummaries | ForEach-Object { Write-Host 'SecretId:' $_.SecretId ' Name:' $_.SecretName ' FolderId:' $_.FolderId }
# if ($result2.SecretSummaries.length -gt 0) {
# $result2.SecretSummaries[0]
# }
}  
Using Secret Fields in Scripts
Secret Server supports using PowerShell, SSH, and SQL scripts as dependencies on a secret. These scripts can use information on the secret through the field name prepended with a $. For example, $DOMAIN, $PASSWORD, or $USERNAME. Linked secrets are accessible by $[1]$FIELDNAME for the first linked secret, $[2]$FIELDNAME for the second, and so on.
There are two contexts in which script dependencies run:
- As part of the RPC process. See Password Changing Scripts.
- When run manually from the Dependencies tab on the secret.
For a complete list of tokens that are available to script dependencies, see List of Dependency Tokens.
Create a New Dependency Changer
From Delinea Documentation:Â
Create a New Dependency Changer for Synchronizing Passwords During RPC
Replace $url with the name of the machine hosting your Secret Server instance.
$url = 'http://MySecretServerURL/webservices/sswebservice.asmx';
$username = $Args[0]
$password = $Args[1]
$newpassword = $Args[2]
$secretIdArray = $Args[3]
$domain = $Args[4]
$proxy = New-WebServiceProxy -uri $url -UseDefaultCredential
$result1 = $proxy.Authenticate($username, $password, '', $domain)
if ($result1.Errors.length -gt 0){
  $errors = $result1.Errors[0]
  Write-Debug "Errors result1: $errors"
  exit
} else {
  $token = $result1.Token
}
$secretIds = $secretIdArray -split ","
foreach($secretId in $secretIds){
  $result2 = $proxy.GetSecret($token, $secretId, $false, $null)
  if ($result2.Errors.length -gt 0){
    $errors = $result2.Errors[0]
    Write-Debug "Errors result2: $errors"Â
  } else {
    $secretName = $result2.Secret.Name
    Write-Debug "Updating Secret: $secretName"
    foreach ($item in $result2.Secret.Items) {
      if($item.IsPassword) {
        $item.Value = $newpassword
      }
    }
    $secret = $result2.Secret
    $result3 = $proxy.UpdateSecret($token, $secret)
    if ($result3.Errors.length -gt 0) {
    $errors = $result3.Errors[0]
      Write-Debug "Errors result3: $errors"Â
    } else {
      Write-Debug "Updated Secret: $secretName"
    }
  }
}
References
- Searching Secret Server in PowerShell
- Create a New Dependency Changer for Synchronizing Passwords During RPC
![[5 Mins Docker] Deploy FreshRSS Using Docker Run Command and Deploy To Fly.io](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uzNMdKE0WJbzjXK0-x-uGPvYNQuBQsqrE6cwYkEq4J1d9Zb9B1mfN5ub0smrGVs4_8uRLEzucuegcvig39vLB1-09YcZKV_WBkcXTo_TtOHw)
No comments:
Post a Comment